Bug ID 1146373: Basic authentication for REST admin account failing

Last Modified: Jan 20, 2023

Bug Tracker

Affected Product:  See more info
BIG-IP LTM(all modules)

Known Affected Versions:
14.1.0, 14.1.0.1, 14.1.0.2, 14.1.0.3, 14.1.0.5, 14.1.0.6, 14.1.2, 14.1.2.1, 14.1.2.2, 14.1.2.3, 14.1.2.4, 14.1.2.5, 14.1.2.6, 14.1.2.7, 14.1.2.8, 14.1.3, 14.1.3.1, 14.1.4, 14.1.4.1, 14.1.4.2, 14.1.4.3, 14.1.4.4, 14.1.4.5, 14.1.4.6, 14.1.5, 14.1.5.1, 14.1.5.2, 14.1.5.3, 15.1.0, 15.1.0.1, 15.1.0.2, 15.1.0.3, 15.1.0.4, 15.1.0.5, 15.1.1, 15.1.2, 15.1.2.1, 15.1.3, 15.1.3.1, 15.1.4, 15.1.4.1, 15.1.5, 15.1.5.1, 15.1.6, 15.1.6.1, 15.1.7, 15.1.8, 15.1.8.1

Opened: Sep 06, 2022
Severity: 3-Major

Symptoms

Basic authentication may fail for anything other than creating a token. This has most often been seen after a device had several large AS3 declarations sent to it. Most of the scenarios that caused this were fixed in ID877145 but this added on to that fix.

Impact

Basic authentication will fail with a 401 code when it use to work before. The admin account will also fail. Typically it takes 30 seconds to hit the failure.

Conditions

Large AS3 declarations suddenly hit a failure (503) seems to most frequently trigger this issue but other random paths have been seen to cause this. If you view the restjavad.audit log you may see a username of local/null on the line showing the 401 for the rest call that was tried. Also if you capture port 53 during the rest call you may see dns queries for domain "null".

Workaround

Configuring the device to resolve to localhost may workaround this issue in some cases. If it does not then a fixed version is needed: Just run the following commands: tmsh mod sys global-settings remote-host add { null { hostname null addr 127.0.0.1 } } tmsh save sys config

Fix Information

None

Behavior Change